The certification work has been performed by the Federal Office for Information Security (BSI),
the Common Criteria certification body of the German government and TÜViT Evaluation Body for IT
security which evaluates products worldwide according to the ITSEC and the Common Criteria (CC).

Microsoft Exchange Server 2007 EE SP2 certification report is
available for reading from the BSI website
and from this page.

This site contains information and downloads for the certified version.
It provides links to the Security Target which lists the security and assurance claims certified by
the evaluation, to additional guidance documentation and other required files.

Steps in order to ensure the integrity of Exchange Server 2007 EE SP2

Please perform the following steps in order to ensure the integrity of your downloads from this website:

Download the FCIV tool [1] from Microsoft. The SHA1 value of this download is 99fb35d97a5ee0df703f0cdd02f2d787d6741f65 (hex)
and shall be verified before executing the download. This can be done using any tool capable of
calculating SHA-1 values. While running the file you have to enter a destination folder where
the FCIV executable should be extracted to.

Download the

Integrity Check Validation Data [2],

CC Guidance Addendum [3],

Exchange Server 2007 Guidance [4], and

Exchange Server 2007 SP2 [5]

to the directory where FCIV Tool has been extracted.

Extract the Integrity Check Validation Data archive to the directory where FCIV Tool has been extracted.

Open a command window and change to the folder where the validation files are located.
Then, type the following to validate Exchange Server 2007: integritycheck_ee_ENU.cmd X:

After Exchange Server 2007 DVD has been sucessfully validated type the following to verify the integrity of Exchange Server 2007 SP2: integritycheck_sp2_ENU.cmd

If the DVD/file cannot be validated as an authentic DVD/file, a message will be displayed, indicating that the
DVD/file is not authentic. The integritycheck.log file, listing the failure details, will be created
in the folder with the original files.
If the DVD/file is correctly validated, the following message will be displayed: The ... is an authentic <product name>

After the final verification steps have been finished follow the Exchange 2007 CC
Guidance Addendum for the installation and configuration of the
TOE (Target of Evaluation; for details see Security Target).